We have enabled audit tracking to track permission changes to a folder on the network. We want to record any changes in Kaseya. Alerting would be nice but not actually required.
Other than just storing a copy of the event log in Kaseya (the security log is huge) is there a way to record these event log entries (ID 560) in Kaseya?
Yes, if you know the specific event log number (such as 560 mentioned above) you can create an event set to watch for that specific event and even specific words in the event. This is under Alerts>Event Logs. You will need to make sure that under the Agent>Event Log Settings you are watching for Audit entries. Let me know if you need any assistance in setting this stuff up, I am available for some consulting.
Thanks for that. However what we are after is more being able to record these event logs, being able to save them somewhere in order to refer back to them in the future should we need to. We can save the whole event log in Kaseya but it's not easy to search and it's zipped after a given period of time.
What we need to do is to save specific event log entries. Alerting on them is useful, but not the requirement as such.